No better times before, even in cybersecurity

::: nBlog :::

When I was 11 years old, my father bought me an electronics book which was at the time used for basic electronic engineering courses during the 1st year of university studies. It detailed all the semiconductors and vacuum tubes, and included wiring diagrams for different kinds of amplifiers, signal generators, filters and radios. I still have the book, even though it looks like it has gone through a plane crash.

Subsequently, he started a habit of sometimes stopping by an electronic component store when coming from work and bringing me these so-called ‘million bags’ of all different kinds of components – diodes, transistors, resistors, capacitors and some simple integrated circuits. In addition to this, I got more components by disassembling broken televisions, stereos and other devices from our relatives and neighborhood.

In a couple of years I learned how all basic semiconductors worked, though this process sometimes included black smoke and once even a fire alarm. I replicated the circuit diagrams first with a patch circuit board, and later learned to create specific boards using raw boards, hydrogen chloride.

My first devices were light shows with periodic flashing and door gates using light-dependent resistors and a simple transistor circuit. But my dream was to master the radio waves, first with an amplified ferrite crystal machine. Hearing an AM station loud and clear from a self-built device with a car speaker attached was like a religious experience.

With my appetite growing, I started building an FM transmitter with more powerful components than in the book’s last chapter reference design. After quite some trial and error, I was able to reach 5 watts of transmission power, enough to broadcast over local radio stations in the immediate neighborhood.

Me and my friend’s local radio show came to an abrupt end though, when we spotted Finnish Broadcasting Company’s triangulating cars driving slowly a couple of streets from us. Someone had apparently filed a report of a pirate radio – interfering with radio waves was, and still is, quite illegal. But my knowledge of law was minuscule compared to that of electronics at that time.

Now after 35 years, building things is done increasingly in software, also in the radio domain. With less than 100 euros, one can buy a generic transceiver module which can easily be programmed into e.g. a digital TV receiver, WiFi access point, mobile base station or an AIS or ADS-B transmitter.

AIS, or Automatic Identification System, is used by marine vessels to broadcast their characteristics, speed, position and other data, while ADS-B, or Automatic Dependent Surveillance Broadcast, is the even more informative and trusted system for aviation. Both these systems use protocols which have no authentication or encryption, and their specifications are publicly available. At the same time, most naval and aircraft traffic control centers heavily rely on the radar-like data these systems enable.

Some professional ADS-B and AIS device manufacturers have also migrated to the software domain, as it makes product development smoother and new features can be added without changing hardware. Crucially, many of these devices have internet connectivity for pushing the data into backend systems.

Now imagine a curious, present-day 13-year-old, or someone with real intent to disrupt air or marine traffic. In the simplest way, it can be done with a USB-connected software radio and a piece of software which generates hundreds of phantom ships or planes. If the false signal is transmitted from one location, it can be triangulated and found, but what if the said someone hacks a few hundred network-connected radios and sends the signal from all over the place?

To conclude, we must improve and replace legacy systems all the time in order to be secure. We were not safe before, just blissfully unaware.

